WellPoint Inc.
has notified
470,000 individual insurance customers that medical records, credit card numbers and
other sensitive information may have been exposed in the latest security breach of
the health insurer's
records.

The Indianapolis company said the problem stemmed from an
online program customers can use to track the progress of their
application for coverage. It was fixed in March.

Spokeswoman Cynthia Sanders said an outside vendor had upgraded the insurer's application
tracker last October and told the insurer all security measures were
back in place.

But a California customer discovered that she
could call up confidential information of other customers by
manipulating Web addresses used in the program. Customers use a Web site
and password to track their applications.

WellPoint
learned about the problem when the customer filed a lawsuit about it
against the company in March.

"Within 12 hours of knowing the problem
existed, we fixed it," said Sanders, who declined to identify the
outside vendor.

WellPoint is the largest commercial health insurer
based on membership, with nearly 34 million members. It runs Blue Cross Blue Shield plans
in 14 states and Unicare plans in several others.

Sanders said the insurer notified customers
in most of its states. That includes about 230,000 customers of its Anthem Blue Cross subsidiary
in California.

About 356 million records of U.S. residents
have been compromised or exposed due to security breaches since 2005, according to
Privacy Rights Clearinghouse, a consumer advocacy group that tracks such
reports.

WellPoint's security breach doesn't crack the top 10 in
terms of number of people who may have had information exposed, said
Paul Stephens, the organization's director of policy and advocacy. Even
so, he labeled the breach "very serious" because it possibly involved
both financial and medical information.

"There are obviously multiple concerns there
for consumers," he said.

Two years ago, WellPoint offered free credit
monitoring after it said personal information for about 128,000
customers in several states had been exposed online. In 2006, backup
computer tapes containing the personal information of 200,000 of its
members were stolen from a Massachusetts vendor's office.

WellPoint's latest breach affected only
individual insurance customers and not group coverage or people who buy
Medicare Advantage insurance.
Sanders said the company believes a "vast majority" of the unauthorized
access of customer information came from the plaintiff and her
attorneys.

The insurer notified all individual insurance
customers who had information in its application tracking program from
October through March. It will provide a year of free credit monitoring.